Commit ba67253d authored by Rob Stradling's avatar Rob Stradling Committed by Kurt Roeckx

Support the TLS Feature (aka Must Staple) X.509v3 extension (RFC7633).



Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>

GH: #495, MR: #1435
parent f8137a62
+10 −5
@@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */

#define NUM_NID 1020
#define NUM_SN 1013
#define NUM_LN 1013
#define NUM_OBJ 936
#define NUM_NID 1021
#define NUM_SN 1014
#define NUM_LN 1014
#define NUM_OBJ 937

static const unsigned char lvalues[6604]={
static const unsigned char lvalues[6612]={
0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,     /* [ 13] OBJ_md2 */
@@ -998,6 +998,7 @@ static const unsigned char lvalues[6604]={
0x2A,0x85,0x03,0x64,0x03,                    /* [6588] OBJ_SNILS */
0x2A,0x85,0x03,0x64,0x6F,                    /* [6593] OBJ_subjectSignTool */
0x2A,0x85,0x03,0x64,0x70,                    /* [6598] OBJ_issuerSignTool */
0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,     /* [6603] OBJ_tlsfeature */
};

static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2669,6 +2670,7 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
{"grasshopper-mac","grasshopper-mac",NID_grasshopper_mac,0,NULL,0},
{"ChaCha20-Poly1305","chacha20-poly1305",NID_chacha20_poly1305,0,NULL,0},
{"ChaCha20","chacha20",NID_chacha20,0,NULL,0},
{"tlsfeature","TLS Feature",NID_tlsfeature,8,&(lvalues[6603]),0},
};

static const unsigned int sn_objs[NUM_SN]={
@@ -3656,6 +3658,7 @@ static const unsigned int sn_objs[NUM_SN]={
293,	/* "textNotice" */
133,	/* "timeStamping" */
106,	/* "title" */
1020,	/* "tlsfeature" */
682,	/* "tpBasis" */
375,	/* "trustRoot" */
436,	/* "ucl" */
@@ -3813,6 +3816,7 @@ static const unsigned int ln_objs[NUM_LN]={
1007,	/* "Signing Tool of Subject" */
143,	/* "Strong Extranet ID" */
398,	/* "Subject Information Access" */
1020,	/* "TLS Feature" */
130,	/* "TLS Web Client Authentication" */
129,	/* "TLS Web Server Authentication" */
133,	/* "Time Stamping" */
@@ -5244,6 +5248,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
397,	/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
398,	/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
663,	/* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
1020,	/* OBJ_tlsfeature                   1 3 6 1 5 5 7 1 24 */
164,	/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
165,	/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
293,	/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+1 −0
@@ -1017,3 +1017,4 @@ grasshopper_cfb 1016
grasshopper_mac		1017
chacha20_poly1305		1018
chacha20		1019
tlsfeature		1020
+1 −0
@@ -472,6 +472,7 @@ id-pe 10 : ac-proxying
!Cname sinfo-access
id-pe 11		: subjectInfoAccess	: Subject Information Access
id-pe 14		: proxyCertInfo		: Proxy Certificate Information
id-pe 24		: tlsfeature		: TLS Feature

# PKIX policyQualifiers for Internet policy qualifiers
id-qt 1			: id-qt-cps		: Policy Qualifier CPS
+16 −2
@@ -20,13 +20,13 @@ v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c \
v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
v3_asid.c v3_addr.c v3_scts.c
v3_asid.c v3_addr.c v3_scts.c v3_tlsf.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
v3_akeya.o v3_pmaps.o v3_pcons.o v3_ncons.o v3_pcia.o v3_pci.o \
pcy_cache.o pcy_node.o pcy_data.o pcy_map.o pcy_tree.o pcy_lib.o \
v3_asid.o v3_addr.o v3_scts.o
v3_asid.o v3_addr.o v3_scts.o v3_tlsf.o

SRC= $(LIBSRC)

@@ -534,6 +534,20 @@ v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
v3_sxnet.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
v3_sxnet.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
v3_sxnet.o: ../include/internal/cryptlib.h ext_dat.h v3_sxnet.c
v3_tlsf.o: ../../e_os.h ../../include/internal/o_str.h
v3_tlsf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1t.h
v3_tlsf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
v3_tlsf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
v3_tlsf.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
v3_tlsf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
v3_tlsf.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
v3_tlsf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
v3_tlsf.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
v3_tlsf.o: ../../include/openssl/pkcs7.h ../../include/openssl/safestack.h
v3_tlsf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
v3_tlsf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
v3_tlsf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
v3_tlsf.o: ../include/internal/cryptlib.h ext_dat.h v3_tlsf.c
v3_utl.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
v3_utl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+1 −0
@@ -70,3 +70,4 @@ extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
extern const X509V3_EXT_METHOD v3_addr, v3_asid;
extern const X509V3_EXT_METHOD v3_ct_scts[];
extern const X509V3_EXT_METHOD v3_tls_feature;
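Review bot: Nothing visible in this section registers `v3_tls_feature` for lookup by NID; the only change to this header is the `extern` declaration (+1 −0). In OpenSSL the `standard_exts` table searched by `X509V3_EXT_get_nid()` must stay sorted by NID, so unless it is extended somewhere this page does not show, it needs `&v3_tls_feature,` added in NID order (1020 sorts last). Without that entry the method would be declared but presumably never reached by the generic X.509v3 decode and print paths. A one-line comment such as `/* RFC 7633 TLS Feature ("must staple") */` above the declaration would also help, because the name alone does not say which extension it is, and nothing shown here enforces stapling at verification time.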